verifying application security

Discussion in 'Automated Trading' started by the_inspector, Apr 14, 2007.

  1. Is there a way that one can verify that a given application is malicious code free (Ex. spyware) and that it does not communicate with another party?

    the inspector
  2. any suggestions

  3. Yes download a firewall program like Comodo Firewall
    ( or Zone Alarm (
    Download the spyware scanners Ad-aware ( and Spybot Search & Destroy ( while you're at it. Use their preventive measures and scan your hard drive regularly.

    These programs will tell you everytime any program tries to access the internet along what it is accessing, what info is it sending, and ect. You might not understand it you're not somewhat tech savvy but you can put the info into google and give it the green light or block the attempt from that. You can also set the program to blacklist/audit/block certain programs while letting other programs that you trust access the internet freely.

    You should always have a software and hardware firewall(router) on your trading computer and only give permission to programs that need to access the internet and that you trust (autoupdate, trading platform, web browser, certain processes essential for the computer).

    Hope this helps.
  4. Thanks for the answer,

    If we take a custom ATS for example, it would need to have inbound as well as outbound communication access for it to work, correct? But how can I be sure that a firewall like comodo will prevent the ATS from sending unauthorized data such as account numbers and passwords while permitting outbound communication?

  5. bump.
  6. maxpi


    you get a firewall, i prefer a hardware firewall over software, and you limit the addresses that outbound info can be sent to. That way only somebody at your brokerage can hack you :)
  7. Maxpi,

    Ok, I can live with that....if I trade with IB, do you know how I would get their addresses?
  8. If I can control the destination port, would that do the job just as well?
  9. if you want to get really advanced you could get a packet sniffer/ethernet sniffer and capture all the data being sent out and then analyze it.. but for the most part you have to some element of trust in the program that you plan to use. Look for suspicious behavior. If your program is accessing strange ports that it shouldn't be or if the port ranges are not within the specified range(consult the program's manual) then there may be a problem. Do your keystrokes get interrupted when you are typing or is there lag on your keys(keylogger). Does the program use a lot of CPU cycles or bandwidth when it is idle?

    If you are creating an automated trading system, then make sure you download your program from a reputable source and that it is from a reputable dealer(Wealth-Lab, TradeStation, MT4, ect..) or you just simply make you own(that way you know 100% that it is safe).
  10. Zone Alarm will do the job.
    #10     Apr 19, 2007